[JENKINS-25034] Credentials metadata leak in Hypervisor

Type: Bug
Resolution: Fixed
Priority: Blocker
Component/s: libvirt-slave-plugin
Labels:
- credentials
- security

Similar Issues:
Powered by SuggestiMate

Show
Released As:
https://github.com/jenkinsci/libvirt-slave-plugin/commit/a14e4387f9cbddb86db1eb55985ff74502e926dc

Hypervisor.DescriptorImpl.doFillCredentialsIdItems should have a permissions check lest it expose credentials IDs and descriptions to anonymous users. Check ssh-slaves-plugin for suggestions.

There are no comments yet on this issue.

Assignee:: Bastian Germann

Reporter:: Jesse Glick

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2014-10-07 21:26

Updated:: 2020-09-29 12:59

Resolved:: 2020-07-03 13:45

Jenkins

Details

Description

Attachments

Activity

People

Dates